--- apiVersion: v1 kind: Namespace metadata: name: authentik --- apiVersion: v1 kind: Service metadata: name: authentik-outpost namespace: authentik labels: app.kubernetes.io/instance: yolokube-proxy app.kubernetes.io/managed-by: goauthentik.io app.kubernetes.io/name: authentik-proxy spec: ports: - name: http port: 9000 protocol: TCP targetPort: http - name: https port: 9443 protocol: TCP targetPort: https type: ClusterIP selector: app.kubernetes.io/managed-by: goauthentik.io app.kubernetes.io/instance: yolokube-proxy app.kubernetes.io/name: authentik-proxy --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: kubernetes.io/tls-acme: "true" name: authentik-ingress namespace: authentik spec: rules: - host: "sso.services.yolokube.de" http: paths: - pathType: Prefix path: "/" backend: service: name: authentik-outpost port: number: 9000 tls: - hosts: - sso.services.yolokube.de secretName: authentik-tls-key --- apiVersion: apps/v1 kind: Deployment metadata: name: authentik-outpost namespace: authentik labels: app.kubernetes.io/instance: yolokube-proxy app.kubernetes.io/managed-by: goauthentik.io app.kubernetes.io/name: authentik-proxy spec: selector: matchLabels: app.kubernetes.io/instance: yolokube-proxy app.kubernetes.io/managed-by: goauthentik.io app.kubernetes.io/name: authentik-proxy template: metadata: labels: app.kubernetes.io/instance: yolokube-proxy app.kubernetes.io/managed-by: goauthentik.io app.kubernetes.io/name: authentik-proxy spec: containers: - env: - name: AUTHENTIK_HOST valueFrom: secretKeyRef: key: authentik_host name: authentik-outpost-api - name: AUTHENTIK_TOKEN valueFrom: secretKeyRef: key: token name: authentik-outpost-api - name: AUTHENTIK_INSECURE valueFrom: secretKeyRef: key: authentik_host_insecure name: authentik-outpost-api image: ghcr.io/goauthentik/proxy:2024.8.3 name: proxy ports: - containerPort: 9000 name: http protocol: TCP - containerPort: 9443 name: https protocol: TCP --- apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: name: authentik namespace: authentik spec: forwardAuth: address: http://authentik-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik trustForwardHeader: true authResponseHeaders: - X-authentik-username - X-authentik-groups - X-authentik-email - X-authentik-name - X-authentik-uid - X-authentik-jwt - X-authentik-grafana-role - X-authentik-meta-jwks - X-authentik-meta-outpost - X-authentik-meta-provider - X-authentik-meta-app - X-authentik-meta-version